Fake It ‘Til You Make It: How to tell if a cyberthreat is real or fake

America’s founding father, Benjamin Franklin, once said, “In this world nothing can be said to be certain, except death and taxes.” This is still true, only in today’s context, there is one more thing that is certain – tax scams.

As Australia’s tax time commences, it will come as no surprise that criminals are on the hunt – looking to exploit individuals and put organisations at risk.

What do tax-time scams look like?

Phishing is a classic tax time scam as it continues to be hugely successful. According to a report released by the Australian Consumer and Competition Commission in May 2018, Australians made more than 200,000 scam reports in 2017. The top methods of contact used by scammers include the phone (noted in 40 per cent of the total of reports), followed by email, texting or social media (noted in 42 per cent of reports).

Despite increased efforts by companies and governments to build and raise awareness around tax time scams, 30 per cent of phishing emails are still opened and recipients are 6 times more likely to click on a phishing email than a genuine marketing email.

In Australia, 87 per cent of Australian businesses have confirmed that their users received phishing emails within the past 12 months, while 65 per cent of Australian businesses declared that they have been affected by ransomware attacks within the same period of time. All these figures show that scams during tax time are a lucrative business.

Here’s an example of a mass phishing attack involving a Netflix scam aiming at getting users to reveal their data, credentials, and money.

Source: Sophos

However, as individuals become more vigilant in spotting phishing scams, mass phishing attacks are also getting smarter. The following website is the perfect example of an Australian Securities and Investments Commission (ASIC) scam email that includes a renewal letter link and a hyperlink that spells out the URL. This is a convincing way to deceive users because revealing the URL may establish a certain level of trust with recipients.

Such scams have definitely captured the attention of ASIC and they have displayed a major warning about this scam on their own website.

Australia’s MyGov accounts have been targeted as well. The two images below look similar, with both using identical-looking logos, sent to an undisclosed list of recipients, and including similar calls to action. However, upon closer inspection, the image on the right is hosted on a compromised WordPress domain.

Another common phishing attack during tax time is spearphishing. This is done by using spoofed emails to persuade people within an organisation to reveal sensitive information or credentials. It is known to be targeted at an individual or a specific group (i.e. a department) within an organisation by using spoofed (lookalike) email addresses that impersonate trusted sources and senior executives within the company.

Source: Sophos
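One way a mail team could flag the lookalike sender addresses described above is sketched below. It is an added example, not part of the original article or any Sophos tooling; the trusted domain, the executive names and the sample From: headers are all assumed or constructed for illustration.

```python
from email.utils import parseaddr

# Assumed values for illustration: the organisation's own domain and the
# executives whose names attackers are likely to borrow.
TRUSTED_DOMAIN = "example.com.au"
EXECUTIVES = {"jane citizen", "john smith"}
# Digits commonly swapped for letters to make a domain look right at a glance.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str) -> str:
    """Return 'internal', 'lookalike-domain', 'display-name-spoof' or 'external'."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain == TRUSTED_DOMAIN:
        return "internal"
    normalised = domain.translate(CONFUSABLES).replace("rn", "m")
    trusted_norm = TRUSTED_DOMAIN.translate(CONFUSABLES).replace("rn", "m")
    if normalised == trusted_norm or edit_distance(domain, TRUSTED_DOMAIN) <= 2:
        return "lookalike-domain"
    if name.strip().lower() in EXECUTIVES:
        return "display-name-spoof"
    return "external"


# Constructed sample From: headers, not taken from real mail.
SAMPLES = [
    "Jane Citizen <jane.citizen@example.com.au>",
    "Jane Citizen <jane.citizen@examp1e.com.au>",
    "Jane Citizen <jane.citizen@exarnple.com.au>",
    "Jane Citizen <ceo.office@mail-service.test>",
    "Newsletter <news@vendor.test>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):20} {header}")
```

The edit-distance threshold of 2 is an assumption that suits a domain of this length; a very short trusted domain would need a tighter threshold to avoid flagging unrelated senders.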

Individuals need to stay vigilant in order to not fall victim to scams, especially at this time of year. What’s more, organisations need to empower their staff with the training and tools to keep themselves safe, when connecting at home or in the office. Whether you’re a big business, a small business or a consumer, these are just examples of how some of the smartest people in the world are trying to get your money, and your data.

With that, here are some tips on how to sidestep potential tax scams when you prepare your tax return:


Copyright 2019 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.